General
Target: pluh.rar
Size: 80KB
Sample: 240413-mmefzsfh2v
MD5: 73ded24f416e6e70f3440b069ba0b250
SHA1: afb8f7b18f01f7939f2c0a569ebfbc2a384aec4c
SHA256: fb62df7d72d084f755b3eb181c44287fedc95b0e01fd1033e4c60add76432ff7
SHA512: 44944136afbf8d4473aa90db8254ff7f4f70ae2f8b5fac87ad538a26d533bfcb6eb5d0ebbcfa6453c01b13e8459a485c26e8cf1a71b24632f54268972c354c18
SSDEEP: 1536:HBrFLRy5CWhgOqbBAJBwWU533e0gUHZ82IvEB8M6J2mBTajHBfrSJb:hrFLQw514jU5nJgUDuqnO
Behavioral task: behavioral1
Sample: pluh/external roblox launcher.exe
Resource: win10-20240404-en

Behavioral task: behavioral2
Sample: pluh/external roblox launcher.exe
Resource: win10v2004-20240412-en
Malware Config
Extracted family: umbral
C2 (Discord webhook): https://discordapp.com/api/webhooks/1118394761666109480/thDS3oSfSmHsoCQyjlB8zJN33LvfFYhiuSCKRCOwKm_YjjVfoa3nZJjZm8giA5yj1M22
Targets
Target: pluh/external roblox launcher.exe
Size: 229KB
MD5: 65536dc4bcafc3ee3c1dcf7ed64c12df
SHA1: e1ca248ae2ef47a6b89ad6fb155f4d5ec3674e9c
SHA256: 98e7e144b7bc45bd52601d093b1e447cf486bf2e8cd2ba84e8325e2d7b269662
SHA512: 25f5043750e42d312b879dcb1b37bc4621790f7402befa21578818c8de6020f1983a984bde79eeaca60b3cd12654fe2dae6e728826e0c4da3794be3519d3bcc2
SSDEEP: 6144:OwloZM3fsXtioRkts/cnnK6cMlkCanywvrY8hkijD6yBeb8e1mvpi:PoZ1tlRk83MlkCanywvrY8hkijD6yQiw
Signatures
- Detect Umbral payload
- Drops file in Drivers directory
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.